Solutions
ForgeRock Identity Platform
ForgeRock Identity Cloud

iOS Google Authenticator fails to register a device with an Invalid barcode error when using OATH nodes in Identity Cloud, AM 7.1.x and 7.2.x

Last updated Jan 24, 2023

The purpose of this article is to provide assistance if you encounter an "Invalid barcode" error when attempting to register a device with the iOS® Google® Authenticator app. This issue occurs when using a journey or tree that contains the OATH Registration node in ForgeRock Identity Cloud or AM.


1 reader recommends this article

Symptoms

You will see the following error on your device when scanning a QR code with the iOS Google Authenticator app in order to register the device:

Invalid barcode The barcode [URL] is not a valid authentication token barcode

The same QR code will work with other authenticators such as the ForgeRock Authenticator or the Android™ version of the Google Authenticator app.

Recent Changes

N/A

Causes

The barcode includes = padding characters in the base32 encoded secret, which the iOS Google Authenticator rejects but other authenticator apps just ignore. This is a known limitation with the iOS Google Authenticator.

Solution

This issue can be resolved by increasing the minimum secret key length to avoid padding as follows:

Identity Cloud admin UI

  1. Go to Journeys and click the journey that includes the OATH Registration node.
  2. Click the OATH Registration node.
  3. Enter a new value in the Minimum Secret Key Length field that avoids padding; choosing a value of 40 should typically work.
  4. Click Save.

AM admin UI

  1. Go to Realms > [Realm Name] > Authentication > Trees and select the tree that includes the OATH Registration node.
  2. Click the OATH Registration node.
  3. Enter a new value in the Minimum Secret Key Length field that avoids padding; choosing a value of 40 should typically work.
  4. Click Save.

See Also

FAQ: Journeys in Identity Cloud

Journeys


Copyright and Trademarks Copyright © 2023 ForgeRock, all rights reserved.